Skip site navigation (1)Skip section navigation (2)
Date:      Fri, 17 Nov 2000 01:49:04 -0600 (CST)
From:      Mike Meyer <mwm@mired.org>
To:        Tim McMillen <timcm@umich.edu>
Cc:        questions@freebsd.org
Subject:   Unix and ease of use (Was: Help: Is Sendmail secure?)
Message-ID:  <14868.58096.325144.572555@guru.mired.org>
In-Reply-To: <94146138@toto.iv>

next in thread | previous in thread | raw e-mail | index | archive | help
Tim McMillen <timcm@umich.edu> types:
> > Is there a tool for configuring sendmail.conf (and whatever else is invol=
> ved)
> > that would guide a newbie towards having a secure installation, or a lint=
> - -like
> > checker that will warn of vulnerabilities? I want to see FreeBSD (and Lin=
> ux)
> > become as popular and widespread as Windows. Whenever I see a phrase like=
>  "If
> > you are a newbie, maybe xxx could be a problem for you" I cringe. Sure
> > it's fun being proficient at something as thorny as UNIX, but if we defen=
> d it
> > on those terms we will not win wide aceptance.
> int rant()
> {
> As much as I would like to see anything other than Windows become popular
> and widespread for the masses (just think how much more productive the
> world would be if the computers everybody used didn't crash several times
> a day like MS products), maybe UNIX should not be run as a desktop OS by
> the masses.  Your average Joe down the street that only knows how to turn
> the computer on and does not care about how it works has neither the
> ability nor cares to understand the security implications of running a
> unix box.  When Redhat has its 80th root exploit of the year does Joe know
> how to or care to patch it?

I hate to tell you this, but your typical Windows desktop is *much*
less secure than a Unix box - no matter which SMTP daemon it's
running. And the Windows box doesn't even have an SMTP daemon.

Yes, joe user probably can't configure sendmail. Windows solved this
by not putting an SMTP system on the desktop. You can use the same
solution. I haven't looked through the security levels that FreeBSD
lets you isntall, but there should be one that's "don't run any
servers". That would solve all your security worries, wouldn't it? And
the system would *still* be more useful than a Windows box.

> Unix isn't easy--it wasn't designed to be.  It was designed by
> people that knew how to write compilers in 5 different types of
> programming languages.  So I'm the opposite: I tend to cringe when people
> talk about unix being easy to use.  It was desinged to be powerful and
> efficient, not easy.  Maybe in 5 years enough shell will be built around
> the unix core that it will protect the user from themselves.  Maybe
> MacOSx has already done that.

Windows was designed to be easy to use - and isn't. Windows claims to
be "friendly", but it's only friendly if you only want to do what it
is willing to let you. I think "idiot-proofed" is a better term than
"user-friendly". I'd consider unix - which gladly gives you enough
rope to do whatever you want, including hang yourself - friendlier.

The trick is realizing that Windows isn't any easier or friendlier
than Unix; it's simply that MS has leveraged their near-monopoly to
simplify things and get everyone else in the world to do Windows
support and training for them.

> But lets be honest.  We recompile our kernels to include sound
> support, patch source code to get programs installed, and the entire
> thing can be destroyed with a mistyped rm -r / hello.  The base system
> has enough functionality to run the entire internet.  Any time you have
> that much functionality it will never be easy

Actually, 4.2 should work with most supported sound cards out of the
box, as pcm has been added to generic (and you're welcome). I don't
know about you, but I seldom patch source code to install
programs. Yeah, the ports system patches code for me - but so what?
Is that really worse than replacing system libraries to make sure an
application is going to work? That's what you get with Windows
installs.

Finally, typos are only dangerous as root. A couple of quick mouse
clicks can be just as deadly on Windows - and aren't we always being
told how much *easier* those mouse clicks are? So it's easier to
destroy your machine - and there's no limited capability mode
available to help limit the damage!

> So while the FreeBSD team (and the Linux camp) has done a
> tremendous job building an OS, I think it may simply be too powerful to
> let it out to the masses.

Apple doesn't agree with you. It's going to be interesting to see if
they figure out how to keep people from using that power to shoot
themselves in the foot, while at the same time letting people use it
to blow holes in whatever problems they have.

> I included it as a codeblock to indicate it should be taken with a
> grain of salt, of course.

It is a common argument. I think it's false, whether or not you salt
it.

	<mike



To Unsubscribe: send mail to majordomo@FreeBSD.org
with "unsubscribe freebsd-questions" in the body of the message




Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?14868.58096.325144.572555>